package cn.itcast.web.shiro;

import cn.itcast.common.utils.Encrypt;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

/**
 *  自定义密码比较器
 *      Credentials
 *      Matcher
 */

public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {

    /*
        密码比较方法
            参数：
                AuthenticationToken：用户登录输入的用户名和密码
                AuthenticationInfo : 认证信息（安全数据用户对象，数据库密码，realm域名称）
     */
    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        //1.获取用户登录的密码和数据库密码
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String email = upToken.getUsername();
        String password = new String(upToken.getPassword());
        String dbPassword = (String)info.getCredentials();
        //2.对用户登录的密码进行加密
        password = Encrypt.md5(password,email);
        //3.两个密码进行比较
        return dbPassword.equals(password);
    }
}
